Security Information / 2016 / Security Information -- DSA-3469-1 qemu

Debian Security Advisory

DSA-3469-1 qemu -- security update

Date Reported:

08 Feb 2016

Affected Packages:

qemu

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 799452, Bug 806373, Bug 806741, Bug 806742, Bug 808130, Bug 808144, Bug 810519, Bug 810527, Bug 811201, Bug 812307.
In Mitre's CVE dictionary: CVE-2015-7295, CVE-2015-7504, CVE-2015-7512, CVE-2015-8345, CVE-2015-8504, CVE-2015-8558, CVE-2015-8743, CVE-2016-1568, CVE-2016-1714, CVE-2016-1922, CVE-2016-1981.

More information:

Several vulnerabilities were discovered in qemu, a full virtualization solution on x86 hardware.

• CVE-2015-7295

  Jason Wang of Red Hat Inc. discovered that the Virtual Network Device support is vulnerable to denial-of-service (via resource exhaustion), that could occur when receiving large packets.

• CVE-2015-7504

  Qinghao Tang of Qihoo 360 Inc. and Ling Liu of Qihoo 360 Inc. discovered that the PC-Net II ethernet controller is vulnerable to a heap-based buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

• CVE-2015-7512

  Ling Liu of Qihoo 360 Inc. and Jason Wang of Red Hat Inc. discovered that the PC-Net II ethernet controller is vulnerable to a buffer overflow that could result in denial-of-service (via application crash) or arbitrary code execution.

• CVE-2015-8345

  Qinghao Tang of Qihoo 360 Inc. discovered that the eepro100 emulator contains a flaw that could lead to an infinite loop when processing Command Blocks, eventually resulting in denial-of-service (via application crash).

• CVE-2015-8504

  Lian Yihan of Qihoo 360 Inc. discovered that the VNC display driver support is vulnerable to an arithmetic exception flaw that could lead to denial-of-service (via application crash).

• CVE-2015-8558

  Qinghao Tang of Qihoo 360 Inc. discovered that the USB EHCI emulation support contains a flaw that could lead to an infinite loop during communication between the host controller and a device driver. This could lead to denial-of-service (via resource exhaustion).

• CVE-2015-8743

  Ling Liu of Qihoo 360 Inc. discovered that the NE2000 emulator is vulnerable to an out-of-bound read/write access issue, potentially resulting in information leak or memory corruption.

• CVE-2016-1568

  Qinghao Tang of Qihoo 360 Inc. discovered that the IDE AHCI emulation support is vulnerable to a use-after-free issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

• CVE-2016-1714

  Donghai Zhu of Alibaba discovered that the Firmware Configuration emulation support is vulnerable to an out-of-bound read/write access issue, that could lead to denial-of-service (via application crash) or arbitrary code execution.

• CVE-2016-1922

  Ling Liu of Qihoo 360 Inc. discovered that 32-bit Windows guests support is vulnerable to a null pointer dereference issue, that could lead to denial-of-service (via application crash).

For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u12.

We recommend that you upgrade your qemu packages.